<?php
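// Auth bootstrap. This file uses $logged_in, has_permission(), secure_alphanum() and
// filter_button() without defining them; presumably they all come from head_login.php
// (confirm). require instead of include: if the bootstrap is missing or unreadable the
// request stops here rather than rendering with the login state and helpers undefined.
require("head_login.php");

// Routing parameters from the query string (untrusted input).
// A query parameter can arrive as an array (?page[]=x), so only strings are handed to the
// sanitizer; anything else falls back to "" (the news page / no filter).
// Per the original comment, secure_alphanum() leaves only letters, digits and underscore.
// In this file both values are only compared against fixed strings and are never used to
// build an include path, so the dispatch below stays an allowlist.
$page = "";
if (isset($_GET["page"]) && is_string($_GET["page"])) {
    $page = secure_alphanum($_GET["page"]);
}
$filter = "";
if (isset($_GET["filter"]) && is_string($_GET["filter"])) {
    $filter = secure_alphanum($_GET["filter"]);
}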

?>

<div id="page">

<div id="logo"><img src="images/logo.png"></div>

<!-- Navigation -->
<table id="top_navi">
<tr>
 <td class="button" onclick="location.href='index.php';"><a href="index.php">News</a></td>
<?php
// Menu entries rendered only for logged-in users.
// Showing or hiding a link is presentation only: the check has to be repeated where the
// page content is included (done for "nachrichten" in the content dispatch further down).
if ($logged_in):
?>
 <td class="button" onclick="location.href='index.php?page=profil';"><a href="index.php?page=profil">Profil</a></td>
 <td class="button" onclick="location.href='index.php?page=nachrichten';"><a href="index.php?page=nachrichten">Nachrichten</a></td>
 
<?php
endif;
?>
 <td class="button" onclick="location.href='index.php?page=termine';"><a href="index.php?page=termine">Termine</a></td>
 <td class="button" onclick="location.href='index.php?page=fotos';"><a href="index.php?page=fotos">Fotos</a></td>
 <td class="button" onclick="location.href='index.php?page=about';"><a href="index.php?page=about">&Uuml;ber</a></td>
<?php
// Right-hand end of the menu: "Login" for anonymous visitors; for logged-in users an
// optional "User" entry (PERM_ADMIN only) followed by "Logout".
// NOTE(review): logout is a plain GET link (login.php?action=logout). Whether login.php
// ties that action to a per-session token is not visible here; without one, any page the
// user visits can end the session with a cross-site request. Confirm in login.php.
if (!$logged_in):
?>
 <td class="button" onclick="location.href='index.php?page=login';"><a href="index.php?page=login">Login</a></td>
<?php
else:
    // The admin link is hidden for everyone else; the content dispatch checks PERM_ADMIN again.
    if (has_permission(PERM_ADMIN)):
?>
 <td class="button" onclick="location.href='index.php?page=user';"><a href="index.php?page=user">User</a></td>
<?php
    endif;
?>
 <td class="button" onclick="location.href='login.php?action=logout';"><a href="login.php?action=logout">Logout</a></td>
<?php
endif;
?>
</tr>
<tr id="top_subnavi"><td colspan="8"><table><tr>

<?php
// Login form, rendered in the sub-navigation row when page=login.
// It posts the fields "user" and "pwd" to login.php?action=login with an empty "ref".
// NOTE(review): the markup carries no anti-CSRF token field, and the transport (HTTPS or
// not) is decided outside this file. If login.php ever redirects to "ref", it should accept
// only local paths. Confirm all three in login.php / the server configuration.
if ($page == "login"):
?>
<form action="login.php?action=login&amp;ref=" method="POST">
 <td>Benutzername: </td><td><input type="text" name="user"></td><td>Passwort: </td><td><input type="password" name="pwd"></td><td><input type="submit" value="Login"></td>
</form>
<?php
endif;


// Sub-navigation: one row of filter buttons per page, rendered for logged-in users only.
// The has_permission() calls here only decide which buttons are drawn; the action behind a
// button has to check the same permission again where it is handled.
if ($logged_in) {
    // termine (dates)
    if ($page == "termine") {
        echo filter_button("Alle", "index.php?page=termine", "");
        echo filter_button("Mein Jahrgang", "index.php?page=termine", "year");
        echo filter_button("Meine Klasse", "index.php?page=termine", "class");
        if (has_permission(PERM_ADD_DATE)) {
            echo filter_button("Termin eintragen", "index.php?page=termine", "add");
        }
    }

    // news (default page, empty page parameter)
    if ($page == "") {
        echo filter_button("Pers&ouml;nliche Neuigkeiten", "index.php", "");
        echo filter_button("Allgemeine Neuigkeiten", "index.php", "all");
        if (has_permission(PERM_WRITE_NEWS)) {
            echo filter_button("Neuigkeit verfassen", "index.php", "new");
        }
    }

    // profil (profile)
    if ($page == "profil") {
        echo filter_button("Mein Profil", "index.php?page=profil", "");
        echo filter_button("Einladungen", "index.php?page=profil", "invitation");
    }

    // nachrichten (messages)
    if ($page == "nachrichten") {
        echo filter_button("Nachrichten", "index.php?page=nachrichten", "");
        echo filter_button("Nachricht verfassen", "index.php?page=nachrichten", "new");
    }

    // fotos (photos)
    if ($page == "fotos") {
        echo filter_button("Fotos", "index.php?page=fotos", "");
        if (has_permission(PERM_UPLOAD_PIC)) {
            echo filter_button("Foto hochladen", "index.php?page=fotos", "upload");
        }
    }

    // user administration: PERM_ADMIN is only queried once the page matches
    if ($page == "user" && has_permission(PERM_ADMIN)) {
        echo filter_button("User anzeigen", "index.php?page=user", "");
        echo filter_button("User hinzuf&uuml;gen", "index.php?page=user", "new");
        echo filter_button("User best&auml;tigen", "index.php?page=user", "confirm");
    }
}


?>

</tr></table></td></tr>
</table>
<div id="main">
<?php

// Static "about" page. The condition does not involve $logged_in, so it is shown to
// anonymous visitors as well.
if ($page == "about"):
?>
<h1>Absolventenverein des BG/BRG Lichtenfels</h1>
blablabbla<br>
lorem ipsum dolor sit amat...<br>
<br>
Copyright &copy; 2010 by Michael Schwarz und Daniel Pilhatsch<br>

<?php
endif;
// Flag values, declared before the content includes below (presumably for their use).
// NOTE(review): FLAG_RELEASED has the same value as FLAG_UNREAD. Presumably the two belong
// to different flag fields; confirm they are never tested against the same column.
const FLAG_UNREAD = 1;
const FLAG_DELETED = 2;
const FLAG_RELEASED = 1;


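// News (default page, empty page parameter).
//  - news.php:          anonymous visitors, or filter=all
//  - news_personal.php: logged in and no filter
//  - news_new.php:      filter=new, logged in and holding PERM_WRITE_NEWS
// Every include path is a fixed string; $filter only selects among them.
// The checks stay sequential (not elseif) because an included file runs in this scope.
if ($page == "") {
    if ($filter == "all" || !$logged_in) {
        include("news.php");
    }
    if ($logged_in && $filter == "") {
        include("news_personal.php");
    }
    // Gate the editor on the login state as well as the permission, like every other
    // restricted include in this file, so it does not depend on has_permission() alone
    // returning false for an anonymous request.
    if ($logged_in && $filter == "new" && has_permission(PERM_WRITE_NEWS)) {
        include("news_new.php");
    }
}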

// Messages ("nachrichten"): logged-in users only. $filter picks between two fixed files;
// any other filter value includes nothing.
if ($logged_in && $page == "nachrichten") {
    if ($filter == "") {
        include("messages.php");
    }
    if ($filter == "new") {
        include("messages_new.php");
    }
}

// User administration: requires a login and PERM_ADMIN. This is the enforcing check; the
// menu and sub-navigation only hide the links.
// NOTE(review): the sub-navigation also offers filter=confirm, which has no include here.
if ($page == "user" && $logged_in && has_permission(PERM_ADMIN)) {
    if ($filter == "") {
        include("user_show.php");
    }
    if ($filter == "new") {
        include("user_add.php");
    }
}

?>
</div>
</div>
<?php
include("footer.php");
?>
